The five biggest cyber threats to UK businesses

October 08 2021 By David Cannon

In honour of National Cyber Security Month, our expert David Cannon shares the five biggest cyber threats to UK businesses and the steps you should take to protect yourself, your business and your employees.

1. The evolution of Ransomware

This is fast becoming the biggest risk to UK businesses, large or small. It’s not just an issue for big organisations, as SMEs are now also being targeted on a regular basis. While Ransomware is often in the news, it is reported that 84% of UK businesses still do not understand the impact this can have on them. It’s an issue that affects everyone and as ransomware evolves, so does the need to protect your business.

You can learn more about ransomware and the steps to take to protect yourself in our ransomware blog.

2. Email Phishing and Whaling scams

Hackers manipulate the human trust element and exploit people’s willingness to trust without asking questions. Phishing or Whaling is a method used by cyber-criminals to gain access to systems, by sending an email or redirecting you to a website that looks legitimate. With staff working remotely, the risk of clicking on what appears to be a genuine email increases.

The human error element then allows hackers access to your system. The most common risks with this are financial fraud and fund transfers; this is where you receive a genuine, expected invoice from a client, but the hackers have intercepted it and changed the bank details.

It is important your staff are educated about these kinds of emails, so they know to check whether an email is genuine. The National Cyber Security Centre offers information and advice for organisations of all sizes. To download NCSC ‘Practical tips for protecting your organisation online’ please click here (external link). Alternatively, there are private companies that offer this kind of training if you can’t provide it internally.

3. Insider threats and lack of staff awareness

One of the biggest risks still comes from within an organisation. Employees’ lack of knowledge or training, along with the risk of human error, still represents a significant risk to all businesses. For example, the insider threat could come from an ex-employee who may still have access to your systems.

It is important to have and regularly check company policies and procedures around IT use, especially when it comes to staff leavers. The National Cyber Security Centre offers online cyber training packages, aimed at charities and small businesses. For further information, please click here (external link). Also, for NCSC advice for larger organisations, please click here (external link).

4. Zero-day attacks

A zero-day attack happens when hackers specifically target a flaw or vulnerability within a system. Two terms are involved: a zero-day vulnerability is an existing hole in the software’s security, and a zero-day exploit uses that vulnerability to install harmful software onto the system. Once the system is infected, that software is used to destroy, disrupt and steal vital business-related data, or corrupt systems.

If you don’t have the expertise internally to ‘strength-test’ your IT systems and software, the National Cyber Security Centre can provide access to ‘Exercise in a Box’, an online tool which helps organisations find out how resilient they are to cyber attacks. For more information please click here (external link). Alternatively, there are private companies in the market that can carry out such services.

5. Not having Cyber Insurance

While good cyber protections and processes can help mitigate the above risks, a cyber insurance policy will protect your business and its reputation if the worst were to happen. This vital tool should form part of your cyber protections. It aids in handling crisis management and protecting against your GDPR risk, while covering loss of revenue and any costs in restoring data. All these consequences can have significant costs and, without insurance, you or your business would be under considerable stress to meet them.

With average cyber claims now around £25,000–£30,000, cyber insurance should be considered as one of the most vital protections of any business, large or small.

If you are unsure whether you have cyber protection, would like to chat to someone about getting the cover you need, or if you would like us to help you assess your cyber risk, speak to one of our experts today at or click here to learn more about our cyber cover.